aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/multipath-tools/APKBUILD11
-rw-r--r--main/multipath-tools/multipath-tools-0.4.9-log_enquery_overflow.patch69
2 files changed, 77 insertions, 3 deletions
diff --git a/main/multipath-tools/APKBUILD b/main/multipath-tools/APKBUILD
index edb28aaffa..f89530c16d 100644
--- a/main/multipath-tools/APKBUILD
+++ b/main/multipath-tools/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname="multipath-tools"
pkgver=0.4.9
-pkgrel=4
+pkgrel=5
pkgdesc="Device Mapper Multipathing Driver"
url="http://christophe.varoqui.free.fr/"
arch="all"
@@ -13,7 +13,10 @@ install=
subpackages="$pkgname-doc"
source="http://christophe.varoqui.free.fr/$pkgname/$pkgname-$pkgver.tar.bz2
multipath-tools-0.4.9-build.patch
- multipath-tools-0.4.8-kparted-ext-partitions.patch"
+ multipath-tools-0.4.8-kparted-ext-partitions.patch
+ multipath-tools-0.4.9-log_enquery_overflow.patch
+ multipath-tools-0.4.9-buffer-overflows.patch
+ "
_builddir="$srcdir"
@@ -45,4 +48,6 @@ package() {
md5sums="a6d4b48afc28f1f50f5ee4b1b06d2765 multipath-tools-0.4.9.tar.bz2
751a7e079fef26cced73e2fc31ad7f11 multipath-tools-0.4.9-build.patch
-68ea053e02e9f5c4883b24b3f9bb2bf1 multipath-tools-0.4.8-kparted-ext-partitions.patch"
+68ea053e02e9f5c4883b24b3f9bb2bf1 multipath-tools-0.4.8-kparted-ext-partitions.patch
+00eae05e02f1b85062e998574ab1b833 multipath-tools-0.4.9-log_enquery_overflow.patch
+c5aab36777b0304a3525533cdd31bddc multipath-tools-0.4.9-buffer-overflows.patch"
diff --git a/main/multipath-tools/multipath-tools-0.4.9-log_enquery_overflow.patch b/main/multipath-tools/multipath-tools-0.4.9-log_enquery_overflow.patch
new file mode 100644
index 0000000000..67367c9f42
--- /dev/null
+++ b/main/multipath-tools/multipath-tools-0.4.9-log_enquery_overflow.patch
@@ -0,0 +1,69 @@
+From e1d69df0cdd1627676501df3a533b25ffadaeff0 Mon Sep 17 00:00:00 2001
+From: Arkadiusz Miskiewicz <arekm@maven.pl>
+Date: Sat, 27 Nov 2010 19:21:21 +0100
+Subject: [PATCH] multipath-tools overflow
+
+On Saturday 27 of November 2010, you wrote:
+
+[...]
+
+> the whole logarea is memset to 0 by logarea_init(), and each dequeued
+> message is also memset to 0 by log_dequeue(), so it seems normal that
+> msg->str value is 0x0, but it's really its address that matters.
+
+Ok, got it. Pointers, memory areas in my debugging session - are looking
+good then.
+
+>
+> It's not clear to me : are you actually hitting a bug or is it your
+> debug session that puzzles you ?
+
+I'm hitting a bug. multipathd dies for me at that strcpy(). Now I think
+the bug is strcpy usage instead of memcpy because I'm building with
+-O2 -D_FORTIFY_SOURCE=2 which turns on special glibc overflow
+detection.
+
+That detection seem to be smart enough to know that &str area is not
+a string memory and aborts the program.
+
+Found similar problem discussed here
+http://sourceware.org/ml/binutils/2005-11/msg00308.html
+
+glibc aborts the program:
+[pid 13432] writev(2, [{"*** ", 4}, {"buffer overflow detected", 24},
+{" ***: ", 6}, {"/home/users/arekm/rpm/BUILD/multipath-tools-0.4.9
+/multipathd/multipathd", 71}, {" terminated\n", 12}], 5) = 117
+
+same for valgrind:
+**13436** *** strcpy_chk: buffer overflow detected ***: program terminated
+==13436== at 0x4024997: VALGRIND_PRINTF_BACKTRACE (valgrind.h:4477)
+==13436== by 0x40265F8: __strcpy_chk (mc_replace_strmem.c:781)
+==13436== by 0x40EDC06: log_enqueue (string3.h:107)
+==13436== by 0x40ED68A: log_safe (log_pthread.c:24)
+==13436== by 0x40E296A: dlog (debug.c:36)
+==13436== by 0x804ECEC: pidfile_create (pidfile.c:37)
+==13436== by 0x804E731: main (main.c:1424)
+
+The bug is not visible if I run multipathd in debug mode (-d).
+
+This patch fixes the problem for me by avoiding false positive on strcpy_chk.
+---
+ libmultipath/log.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/libmultipath/log.c b/libmultipath/log.c
+index e56e46b..57b7696 100644
+--- a/libmultipath/log.c
++++ b/libmultipath/log.c
+@@ -142,7 +142,7 @@ int log_enqueue (int prio, const char * fmt, va_list ap)
+ la->empty = 0;
+ msg = (struct logmsg *)la->tail;
+ msg->prio = prio;
+- strcpy((void *)&msg->str, buff);
++ memcpy((void *)&msg->str, buff, strlen(buff) + 1);
+ lastmsg->next = la->tail;
+ msg->next = la->head;
+
+--
+1.7.6.5
+